Scam of the week #2: HTML Invoice Attached

A common phishing scam involves attaching an HTML file to an email.  You will receive an email asking you to review an invoice or document attached to the email.

Here is an example:

So, what is an HTML attachment?  HTML is the language of web pages and web sites, and an HTML attachment is simply a web page attached to an email.  It opens in your browser and looks just like a website you might visit.

Once opened, the HTML attachment presents a realistic looking Microsoft login page. The page is designed to make you think that your login session has expired, and that you need to re-enter your password in order to move forward. The goal of this scam is to obtain your login credentials and once you enter your password here, the hackers have it.

Here is an example of the fraudulent, but realistic looking Microsoft login page:

You should never open HTML files, or any attachment sent via email unless the document is expected. Even if the email is from someone you know, contact them (call, text), to verify that the email and attachment is valid. Even if the email comes from a company that you normally deal with and the attachment is expected, get into the habit of signing into their official website to view any invoices or account statements. If it is unexpected, again, verify its authenticity with the vendor.

When sharing documents internally with your Nipissing colleagues, use MS Teams instead of email. If you need any help setting up a Team for this purpose, please reach out to UTS. This is the most secure method of internal file sharing and can also greatly improve overall administrative efficiencies.

As always, if you receive an email that you think is suspicious, don’t hesitate to forward it to helpdesk@nipissingu.ca so that we can quickly alert the community of any phishing campaigns.